#!/bin/bash -x

# Assumption: running in production mode. Users of development mode are on their own.
# Assumption: single broker. With multiple brokers, the same SESSION_SECRET must be reused on every broker!

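# Fix for https://bugzilla.redhat.com/show_bug.cgi?id=973796:
# rewrite the PassengerPreStart directive in the broker's httpd config.
conf=/var/www/openshift/broker/httpd/broker.conf
# Keep a timestamped copy next to the original so the edit can be rolled back.
backup="$conf.ugsave.$(date +%Y-%m-%d-%H:%M:%S)"
cp -- "$conf" "$backup" || exit 1
# Replace every line mentioning PassengerPreStart with the corrected directive.
# A failed in-place edit must stop the upgrade rather than be ignored, otherwise
# the script would go on to report success with this file unpatched.
sed -i "/PassengerPreStart/ cPassengerPreStart http://127.0.0.1:8080/broker/rest/api.json" "$conf" || exit 1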

# Next, update the better-known broker settings file.
conf=/etc/openshift/broker.conf
# Snapshot it before editing. The copy holds whatever the live file holds
# (SESSION_SECRET is kept in this file), so restrict or remove the .ugsave copy
# with the same care as the original once the upgrade has been verified.
stamp=$(date +%Y-%m-%d-%H:%M:%S)
if ! cp "$conf" "$conf.ugsave.$stamp"; then
  exit 1
fi

# The user action log location has changed: point the setting at the new path.
user_action_log=/var/log/openshift/broker/user_action.log
sed -i '/^USER_ACTION_LOG_FILE/ cUSER_ACTION_LOG_FILE="/var/log/openshift/broker/user_action.log"' "$conf" || exit 1
# Create the log now and hand it to apache. Fetching the cartridge list later
# would otherwise create it with ownership that oo-accept-node complains about.
touch "$user_action_log" || exit 1
chown apache:apache "$user_action_log" || exit 1

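# oo-accept-broker now complains if SESSION_SECRET is not set - set it if not already set.
# The value is a secret, so keep it out of three places it used to reach:
#   - the xtrace output (the shebang runs this script with -x),
#   - stdout (plain grep printed an existing SESSION_SECRET line; -q does not),
#   - sed's argument list (the sed script is now fed on stdin).
case $- in
  *x*) resume_xtrace=1 ;;
  *) resume_xtrace=0 ;;
esac
set +x
if ! grep -q '^\s*SESSION_SECRET=' "$conf"; then
  # Refuse to write an empty secret if openssl is missing or fails.
  session_secret=$(openssl rand -hex 64) || exit 1
  [ -n "$session_secret" ] || exit 1
  if grep -q 'SESSION_SECRET=' "$conf"; then
    # Reuse the existing (for example commented-out) line, as before.
    sed -i -f /dev/stdin "$conf" <<EOF || exit 1
/SESSION_SECRET=/ cSESSION_SECRET=$session_secret
EOF
  else
    # No line mentions SESSION_SECRET=, so sed's 'c' command would change
    # nothing and the secret would stay unset; append the setting instead.
    printf '\nSESSION_SECRET=%s\n' "$session_secret" >> "$conf" || exit 1
  fi
  unset session_secret
fi
# Restore tracing for the rest of the script if it was on.
if [ "$resume_xtrace" = 1 ]; then
  set -x
fi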

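# format for mongo replica sets changed from space separators to comma separators
# On every line mentioning MONGO_HOST_PORT, each whitespace run that sits
# between two word characters becomes a single comma (GNU sed \b and \s).
# NOTE(review): the address is not anchored, so a comment line that merely
# mentions MONGO_HOST_PORT is rewritten as well - confirm that is acceptable.
# A failed in-place edit stops the upgrade instead of being ignored.
sed -i '/MONGO_HOST_PORT/ s/\b\s\s*\b/,/g' "$conf" || exit 1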

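# tracking audit log is new with this release.
# ability to supply a message for maintenance mode.
#
# Append the settings introduced by this release to $conf.
# NOTE(review): the append is unconditional, so running this script twice
# leaves two copies of the block in the file; run it once per upgrade.
#
# Settings in this block worth reviewing against site policy after the upgrade:
#   - AUTH_SCOPE_TIMEOUTS: 'session' tokens (full access as the user) default
#     to 1 day and may live 7 days; all other scopes default to 1 month and may
#     live 6 months.
#   - The appended text states the value may be any valid Ruby expression, so
#     presumably the broker evaluates it; treat write access to this file as
#     equivalent to running code in the broker - TODO confirm how it is parsed.
#   - DOWNLOAD_CARTRIDGES_ENABLED="true" lets users download a cartridge into
#     their gears; set it to "false" if only installed cartridges are wanted.
#
# The delimiter is quoted so the text is written literally even if a later
# edit adds '$' or backticks, and a failed append now aborts instead of
# falling through to 'exit 0'.
cat <<'EOF' >> "$conf" || exit 1

#Log resource usage information
# Log usage to the DB for oo-admin-{ctl-,}usage
ENABLE_USAGE_TRACKING_DATASTORE="true"
# Log usage to a file
ENABLE_USAGE_TRACKING_AUDIT_LOG="false"
USAGE_TRACKING_AUDIT_LOG_FILE="/var/log/openshift/broker/usage.log"

#Enable/disable maintenance mode
ENABLE_MAINTENANCE_MODE="false"
MAINTENANCE_NOTIFICATION_FILE="/etc/openshift/outage_notification.txt"

# Set the default and maximum expiration for authorization tokens by
# type.  Comma delimited list of expiration pairs, where the key 
# corresponds the canonical form of a scope, and the value corresponds 
# to one or two time durations.  The time durations may be specified in 
# standard ruby syntax (<number>.days) are converted to seconds.  If two
# times are specified, the first is the default value and the second is
# the maximum duration the token may exist for. The key '*' will apply
# to all other scopes.
# 
# Recognized scopes:
#
#   userinfo - access to only information about the current user
#   read     - read-only access to the REST API
#   session  - full access as the user
# 
# Examples:
#
#   # All tokens, regardless of type, expire in 1 month and default to
#   # 1 month in duration.
#   AUTH_SCOPE_TIMEOUTS="*=1.months"   
#
#   # All tokens, regardless of type, expire in 1 month and default to
#   # 1 week in duration.
#   AUTH_SCOPE_TIMEOUTS="*=1.week|1.months"   
#
#   # The read scope expires in 1 day, all other tokens expire in one
#   # week.
#   AUTH_SCOPE_TIMEOUTS="read=1.month, *=1.week"
#
# The value may be any valid Ruby expression that evaluates to a number.
#

AUTH_SCOPE_TIMEOUTS="session=1.days|7.days, *=1.months|6.months"

# Give users the ability to download a cartridge into their gears on creation and cartridge add
DOWNLOAD_CARTRIDGES_ENABLED="true"

EOF

exit 0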
